Multi-factor authentication (e.g., two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of three authentication factors (e.g., a knowledge factor or “something the user knows”, a possession factor or “something the user has”, and an inherence factor or “something the user is”) for purposes of confirming the identity of a person or software program. As a simple example in the context of a bank customer utilizing an automated teller machine (ATM), one authentication factor is the physical ATM card the customer slides into the machine (a possession factor) while the second factor is the personal identification number (PIN) the customer enters through the keypad (a knowledge factor). Corroboration of both of these authentication factors leads to authentication of the customer and access to his or her account for purposes of withdrawing currency.
In the context of a user accessing an enterprise network (e.g., for purposes of accessing an email server or other enterprise applications) via a mobile device (e.g., smartphone, tablet, etc.) over a Virtual Private Network (VPN) connection or the like, multi-factor authentication is sometimes used to verify the user's identity to the enterprise (e.g., as an employee of the enterprise). Specifically, the authentication factors may be a user name and password (the knowledge factor) and one or more “soft tokens” (the possession factor). In relation to the latter factor, for instance, a user's smartphone may be loaded with an application that generates authentication soft tokens for purposes of accessing the enterprise network.